MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.

The structure of each folder containing the files used during the fraud process comprises the files login_failed.php, logs.php, search.php, succes.html and two .txt files in which the stolen data are recorded in clear text.

The file succes.html is called from the logs.php file and contains two exploits for the vulnerabilities described in CVE-2008-2463 (Office Snapshot Viewer) and CVE-2008-0015 (MsVidCtl Overflow).

It also contains a drive-by download: an iframe tag redirects to Trenz.pl/rc/pdf.php? spl=pdf_ie2, from which a PDF file is downloaded. This file is detected by 50% of the antivirus engines offered by the VirusTotal service, and its MD5 is 47ea66b43e25169e6bb256e000a16ffd. In addition, the file load.exe (c2a41abc43dd0bcf98ae07315eb4c6f6) is downloaded; in this case, it is detected by 90%.

Both files are found in the wild and are part of an exploit pack known as Eleonore Exploit Pack, version 1.2.
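
As an added example (not part of the original analysis), a defender could sweep a web root for the artifacts described above: the kit's folder layout, the two MD5 values, and any iframe sources in the kit pages. The function names and the sample folder built in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile
from html.parser import HTMLParser
from pathlib import Path

# File names and MD5 values are the ones given in the write-up above.
KIT_FILES = {"login_failed.php", "logs.php", "search.php", "succes.html"}
KNOWN_MD5 = {
    "47ea66b43e25169e6bb256e000a16ffd": "pdf file",
    "c2a41abc43dd0bcf98ae07315eb4c6f6": "load.exe",
}

class IframeCollector(HTMLParser):  # collects the src of every <iframe> tag
    def __init__(self):
        super().__init__()
        self.srcs = []
    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.srcs.extend(v for k, v in attrs if k == "src" and v)

def scan(root):
    """Return a list of (kind, path, detail) findings under root."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        names = {f.lower() for f in files}
        txt = [f for f in names if f.endswith(".txt")]
        # Layout match: all four kit pages plus at least two .txt drop files.
        if KIT_FILES <= names and len(txt) >= 2:
            findings.append(("kit_layout", folder, ",".join(sorted(txt))))
        for name in files:
            path = os.path.join(folder, name)
            data = Path(path).read_bytes()
            label = KNOWN_MD5.get(hashlib.md5(data).hexdigest())
            if label:
                findings.append(("known_md5", path, label))
            if name.lower().endswith((".html", ".htm", ".php")):
                parser = IframeCollector()
                parser.feed(data.decode("utf-8", "replace"))
                findings.extend(("iframe", path, s) for s in parser.srcs)
    return findings

def demo():
    """Build a constructed sample folder (not real kit files) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        kit = Path(root, "bank")
        kit.mkdir()
        for n in sorted(KIT_FILES) + ["a.txt", "b.txt"]:
            body = '<iframe src="http://example.invalid/x"></iframe>' if n == "succes.html" else "x"
            Path(kit, n).write_text(body)
        return [(k, os.path.relpath(p, root), d) for k, p, d in scan(root)]
```

Every iframe source is reported rather than only the host named above, so the findings need review against the site's legitimate embeds.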